The Colonial Pipeline ransomware attack has been linked to the compromised credentials of a legacy VPN account, which gave the attackers their initial foothold on the company's network.
According to media reports, the pipeline ransomware attack caused gasoline shortages across the Southeast and ended with a $4.4 million payoff to the attackers.
William Turton, a Bloomberg reporter, revealed, citing investigators from FireEye's Mandiant division, that the suspicious activity on Colonial Pipeline's network began on April 29.
The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password. https://t.co/2bN9Wza4GN
— William Turton (@WilliamTurton) June 4, 2021
However, investigators have been unable to confirm how the attackers obtained the credentials. There is no evidence of phishing attempts, sophisticated or otherwise, against the employee.
They eventually discovered that the account's password was present in a batch of leaked logins shared on the dark web. The likeliest explanation is that the employee reused the same password on another account that had been breached, which would explain how the attackers got in, though this has not been confirmed. The VPN account also did not use multi-factor authentication, so the password alone was enough to get in.
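The two controls this incident points at are screening passwords against a leaked-credential corpus and finding VPN accounts that are dormant or lack MFA. The following is an added example, not Colonial Pipeline's tooling or anything from the investigators: it implements the SHA-1 prefix (k-anonymity) lookup pattern used by Pwned Passwords-style range services against a constructed in-memory "breach dump", then audits a constructed list of VPN accounts. The corpus contents, account names, dates and the `dormant_days` threshold are all assumptions made up for the example.

```python
import hashlib
from datetime import date

# Added example. All data below is constructed for illustration; it is not real
# breach data and not a real account inventory.


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the hash form used by Pwned Passwords-style range files."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach dump: password -> number of times seen.
# A real corpus holds only hashes; plaintexts appear here only so the example runs offline.
LEAKED_CORPUS = {
    "password": 9545824,
    "Summer2019!": 312,
    "letmein": 1201324,
}


def build_range_index(corpus):
    """Bucket hashes by their first 5 hex chars, the way a range service stores them."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], {})[h[5:]] = count
    return index


def range_lookup(index, prefix):
    """Stand-in for GET /range/<prefix>: returns 'SUFFIX:COUNT' lines for that bucket."""
    bucket = index.get(prefix, {})
    return [f"{suffix}:{count}" for suffix, count in sorted(bucket.items())]


def breach_count(password, index):
    """Client side of the k-anonymity check. Only the 5-char prefix is sent to the
    service; the 35-char suffix is matched locally, so the full hash never leaves."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in range_lookup(index, prefix):
        s, count = line.split(":")
        if s == suffix:
            return int(count)
    return 0


# Constructed VPN account records (hypothetical users, dates and passwords).
VPN_ACCOUNTS = [
    {"user": "jdoe", "mfa_enabled": True, "last_login": date(2021, 4, 20),
     "password": "Tr0ub4dor&3-longer"},
    {"user": "legacy-vpn-svc", "mfa_enabled": False, "last_login": date(2020, 8, 1),
     "password": "Summer2019!"},
    {"user": "contractor7", "mfa_enabled": False, "last_login": date(2021, 4, 28),
     "password": "letmein"},
]


def audit_vpn_accounts(accounts, index, today, dormant_days=90):
    """Return {user: [findings]} for accounts with any of the weaknesses this attack used."""
    report = {}
    for acct in accounts:
        findings = []
        if not acct["mfa_enabled"]:
            findings.append("no MFA")
        if (today - acct["last_login"]).days > dormant_days:
            findings.append("dormant")
        hits = breach_count(acct["password"], index)
        if hits:
            findings.append(f"password in breach corpus ({hits} hits)")
        if findings:
            report[acct["user"]] = findings
    return report


def run_audit():
    """Run the audit over the constructed data as of the day the intrusion began."""
    index = build_range_index(LEAKED_CORPUS)
    return audit_vpn_accounts(VPN_ACCOUNTS, index, date(2021, 4, 29))


if __name__ == "__main__":
    for user, findings in run_audit().items():
        print(f"{user}: {', '.join(findings)}")
```

In practice the breach check runs where the plaintext is legitimately available, at password set or change time or inside the authentication flow, not against an inventory of stored passwords as the constructed records here imply; the account audit (MFA and dormancy) needs only directory metadata and is the part worth scheduling regularly.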
Moreover, the U.S. Justice Department recently announced that it plans to elevate ransomware investigations to the same priority it assigns to terrorism cases.
Ransomware has become a formidable problem for the Biden administration, particularly since the Colonial Pipeline attack.
About a week after the intrusion began, a ransom note appeared on a Colonial Pipeline computer screen, and staff began shutting down operations.
The shutdown had a large enough impact that Colonial Pipeline's CEO was scheduled to appear before a congressional committee. The Justice Department, meanwhile, is centralizing ransomware cases in the same way it handles terrorism cases.